Although the EU’s new Digital Services Act (DSA) is aimed primarily at social media and large tech companies, you need to be aware of aspects of the Digital Services Act that can impact email marketing efforts as well. First let’s dispel something right away: The Digital Services Act applies to all covered services whether or not they are in the EU. The EU Commission makes this very clear when they say that “All online intermediaries offering their services in the single market, whether they are established in the EU or outside, will have to comply with the new rules.” {Emphasis ours}

Here are relevant sections of the Digital Services Act that we believe are most likely to be applied to email marketing in general and email service providers (ESPs) in particular. Note that these are our first impressions; we also have included the full text of the Digital Services Act.

It’s important to say up front that in the prefatory (i.e. lead up) language to the DSA, it says that it doesn’t apply to email. But that doesn’t mean that it won’t apply to email. For one thing, there is no mention of email in the act itself. At all. Email is not included in the act, and email is also not excluded. Also, EU regulations define information that is ‘disseminated to the public’ (to which the DSA applies) as “making information available, at the request of the recipient of the service who provided the information, to a potentially unlimited number of third parties.” They contrast this to their concept of “interpersonal communications” for which the number of recipient third parties is limited.

The prefatory language where email is mentioned (and just once at that) is “The concept of ‘dissemination to the public’, as used in this Regulation, should entail the making available of information to a potentially unlimited number of persons, that is, making the information easily accessible to users in general without further action by the recipient of the service providing the information being required, irrespective of whether those persons actually access the information in question. The mere possibility to create groups of users of a given service should not, in itself, be understood to mean that the information disseminated in that manner is not disseminated to the public. However, the concept should exclude dissemination of information within closed groups consisting of a finite number of pre-determined persons. Interpersonal communication services, as defined in Directive (EU) 2018/1972* of the European Parliament and of the Council, such as emails or private messaging services, fall outside the scope of this Regulation. Information should be considered disseminated to the public within the meaning of this Regulation only where that occurs upon the direct request by the recipient of the service that provided the information.”

That last sentence is the very definition of email marketing; this, along with the fact that email is not mentioned at all in the actual act, is one of the reasons that we believe that the DSA will be construed to apply to email marketing, even if it is ultimately construed to not apply to a single email sent by a particular sender. So we believe that there is a good chance (maybe even a likelihood) that “not applied to email” will be construed very strictly, so as to apply the DSA to a) the platform through which email is sent (ESP), and b) to the advertisements sent in an email, and c) to the items on display at the pages to which links in the email lead. Plus so many of the definitions in the DSA exactly describe email marketing, email marketing platforms, and email service providers. If you think about it this makes sense, as otherwise the very activities which the DSA purports to target would simply be moved to email and be protected.

*The definition of Interpersonal communication services in Directive (EU) 2018/1972 defines interpersonal communication services as “services that enable interpersonal and interactive exchange of information, covering services like traditional voice calls between two individuals but also all types of emails, messaging services, or group chats. Interpersonal communications services only cover communications between a finite, that is to say not potentially unlimited, number of natural persons, which is determined by the sender of the communication.”

In addition, we see an ambiguous at best, glaring at worst, risk for email which, once sent, is also posted to a website (or vice versa), posted to social media (especially as part of the DSA’s reason for being is to clean up social media), or is posted in a public section of the sender’s account at their ESP’s site (such as Aweber and other ESPs offer).

Here are some other definitions and requirements within the DSA or related regulations which are good to know:

‘information society services’ means “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.”

‘to offer services in the Union’ means “enabling legal or natural persons in one or more Member States to use the services of the provider of information society services which has a substantial connection to the Union; such a substantial connection is deemed to exist where the provider has an establishment in the Union; in the absence of such an establishment, the assessment of a substantial connection is based on specific factual criteria, such as a significant number of users in one or more Member States; or the targeting of activities towards one or more Member States.”

‘advertisement’ means “information designed to promote the message of a legal or natural person, irrespective of whether to achieve commercial or non-commercial purposes, and displayed by an online platform on its online interface against remuneration specifically for promoting that information.”

Of special interest to ESPs

‘intermediary service’ means “one of the following services: a ‘mere conduit’ service that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network; (or) a ‘caching’ service that consists of the transmission in a communication network of information provided by a recipient of the service, involving the automatic, intermediate and temporary storage of that information, for the sole purpose of making more efficient the information’s onward transmission to other recipients upon their request.”

We believe that most ESPs would not fall within this definition, as they also offer services which directly touch the content being sent through their service. And yet, even if an ESP did fall within the definition of ‘intermediary service’, the Digital Services Act also says that “Providers of intermediary services shall include information on any restrictions that they impose in relation to the use of their service in respect of information provided by the recipients of the service, in their terms and conditions. That information shall include information on any policies, procedures, measures and tools used for the purpose of content moderation, including algorithmic decision-making and human review. It shall be set out in clear and unambiguous language and shall be publicly available in an easily accessible format.”

‘online platform’ means “a provider of a hosting service which, at the request of a recipient of the service, stores and disseminates to the public information.” According to the Act, “Online platforms that display advertising on their online interfaces shall ensure that the recipients of the service can identify, for each specific advertisement displayed to each individual recipient, in a clear and unambiguous manner and in real time: (a) that the information displayed is an advertisement; (b) the natural or legal person on whose behalf the advertisement is display.”

The Act also requires that “Online platforms shall suspend, for a reasonable period of time and after having issued a prior warning, the provision of their services to recipients of the service that frequently provide manifestly illegal content.”

Also “Where an online platform becomes aware of any information giving rise to a suspicion that a serious criminal offence involving a threat to the life or safety of persons has taken place, is taking place or is likely to take place, it shall promptly inform the law enforcement or judicial authorities of the Member State or Member States concerned of its suspicion and provide all relevant information available. 2. Where the online platform cannot identify with reasonable certainty the Member State concerned, it shall inform the law enforcement authorities of the Member State in which it is established or has its legal representative or inform Europol. For the purpose of this Article, the Member State concerned shall be the Member State where the offence is suspected to have taken place, be taking place and likely to take place, or the Member State where the suspected offender resides or is located, or the Member State where the victim of the suspected offence resides or is located.”

You can read the full text of the EU Digital Services Act (DSA) here (this is a PDF). The actual act starts on page 18; pages 1-17 are the prefatory information. Note that the most relevant sections start at page 44 with Chapter 1 and, in our estimation in terms of relevance to our average reader, end at page 58.

Full Text of EU Digital Services Act 2022

Let us help YOU get to the inbox like we've helped these others!

Join our email community and get
How to Stay Out of the Spam Folder 
& How to Grow Your Email List free!

 Get to the Inbox by SuretyMail
The Original Email Deliverability Company

Free stuff!
Skip to content